After reading the libreboot FAQ, I have some questions about the USB 2.0 bus. There it is strongly recommended to use USB devices: a USB network card and a USB to SATA adapter (to connect an HDD or SSD with it). The reason is the lack of DMA. But all the specifications on USB 2.0 say that it successfully supports DMA.

This is my result of using a USB 2.0 to SATA adapter with an SSD:

[Image: USB 2.0 to SATA adapter with SSD]

So what level of security can a USB 2.0 to SATA adapter give? Can it isolate data on storage from being stolen by DMA and SMM attacks?

////////////////////////////////////////////////////////////////

There are many questions about what I want, so I need to add some info and try to explain. Here are some quotes from the libreboot FAQ:

About the USB NIC:

"Ethernet NICs will typically run firmware inside, which is responsible for initializing the device internally. Theoretically, it could be configured to drop packets, or even modify them.

With proper IOMMU, it might be possible to mitigate the DMA-related issues. A USB NIC can also be used, which does not have DMA."

So this means that a USB NIC, without IOMMU settings, can't do DMA? I don't think so. The datasheet on ICH7 says that the built-in USB 2.0 controller can do and supports DMA. So without a proper IOMMU for the USB NIC, the NIC has access to DMA and can steal and edit memory?

About the USB to SATA adapter:

SSDs and HDDs are a special case, since they are persistent storage devices as well as computers.

Example attack that malicious firmware could do: substitute your SSH keys, allowing unauthorized remote access by an unknown adversary. Or maybe substitute your GPG keys. SATA drives can also have DMA (through the controller), which means that they could read from system memory; the drive can have its own hidden storage, theoretically, where it could read your LUKS keys and store them unencrypted for future retrieval by an adversary.

With proper IOMMU and use of USB instead of SATA, it might be possible to mitigate any DMA-related issues that could arise.

With the USB to SATA adapter, same question. How much can I reduce the attack surface using USB without a proper IOMMU? An SSD contains a powerful ARM and proprietary closed firmware that can do some evil, and someone thinks that using USB instead of SATA can protect from this.

Maybe someone can recommend another way to protect data on storage from being stolen!?

  • Secure against what? – vidarlo Apr 01 '23 at 08:26
  • USB2-to-SSD sounds a bit slow ... With USB devices you add USB (firmware) related problems. The best way to mitigate those attacks is to know what firmware is running and if it is the original firmware. If it is then make sure it stays this way. (and if it does behave only in a non malicious way) – secfren Apr 01 '23 at 09:49
  • What firmware do you mean? USB controller firmware or SSD firmware? I'm building a system on ga-945gcm-s2c (without AMT and ME) with libreboot. So I have 945GC + ICH7 (built-in USB controller). This platform has no hardware IOMMU. So I can't use it to prevent DMA attacks via USB. That's why I need to know what security level USB devices like a USB NIC and a USB to SATA adapter can give me without an IOMMU. The main thing is safety. Performance is secondary. This computer is needed only for surfing. – ValoWaking Apr 02 '23 at 08:14
  • The origin of your (potential) security problems is firmware. Make sure it is the original one/non-malicious etc. then you don't need to worry about those attacks. When you add USB devices/adapters then you'll maybe solve the DMA issue from your SATA device but you have to deal with the additional firmware (and potential attacks) of the USB device. – secfren Apr 02 '23 at 09:41
  • I understand that. And I can't check the SSD firmware - it's closed. All I can do is reflash it with a check of the SHA sums on it. The adapter that I have is based on MA6116A - https://www.mikrocontroller.net/attachment/280740/MA6116A_datasheet.pdf About the USB NIC - this is the AX88772B chipset. I don't think that this NIC has any backdoors... Do you have any experience with this hardware? – ValoWaking Apr 02 '23 at 09:59
  • And one more question - does this USB NIC on AX88772B really not have DMA access? Can you recommend a PCI USB 2.0 controller that has a hardware IOMMU? I think it is not a bad idea to use it instead of the built-in ICH7 controller. – ValoWaking Apr 02 '23 at 10:05
  • The USB NIC chipset is a fairly common one and I do have devices with it. Those also contain a small EEPROM (0.5KB in my case which iirc, need to check again, only contained the MAC address but no firmware or drivers). By design there is probably no backdoor though depending on the device and size of the EEPROM this could be changed by an update. A solution would be to make the EEPROM Read-Only or check it once in a while. Datasheet of the SATA adapter mentions EEPROM and MP Tool so it probably is upgradeable. I can't help you with the PCI USB 2.0 controller. – secfren Apr 02 '23 at 17:43
  • https://security.stackexchange.com/questions/118854/attacks-via-physical-access-to-usb-dma – secfren Apr 02 '23 at 17:43
  • Attacks via physical access to USB (DMA...?) - has already been read. There is a lack of specifics... AX88772B has some GUI utilities to configure the EEPROM, like Windows SROM Programming Tool etc. - https://www.asix.com.tw/en/product/USBEthernet/High-Speed_USB_Ethernet/AX88772B – ValoWaking Apr 02 '23 at 21:40

0 Answers